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—The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 



THE REPLY FILED 01 December 2010 FAILS TO PLACE THIS APPLICATION IN CONDITION FOR ALLOWANCE. 

1 . ^ The reply was filed after a final rejection, but prior to or on the same day as filing a Notice of Appeal. To avoid abandonment of this 

application, applicant must timely file one of the following replies: (1) an amendment, affidavit, or other evidence, which places the 
application in condition for allowance; (2) a Notice of Appeal (with appeal fee) in compliance with 37 CFR 41 .31 ; or (3) a Request 
for Continued Examination (RCE) in compliance with 37 CFR 1.114. The reply must be filed within one of the following time 
periods: 

a) Q The period for reply expires months from the mailing date of the final rejection. 

b) ^ The period for reply expires on: (1 ) the mailing date of this Advisory Action, or (2) the date set forth in the final rejection, whichever is later. In 

no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of the final rejection. 

Examiner Note: If box 1 is checked, check either box (a) or (b). ONLY CHECK BOX (b) WHEN THE FIRST REPLY WAS FILED WITHIN TWO 

MONTHS OF THE FINAL REJECTION. See MPEP 706.07(f). 
Extensions of time may be obtained under 37 CFR 1 .136(a). The date on which the petition under 37 CFR 1.136(a) and the appropriate extension fee 
have been filed is the date for purposes of determining the period of extension and the corresponding amount of the fee. The appropriate extension fee 
under 37 CFR 1 .17(a) is calculated from: (1) the expiration date of the shortened statutory period for reply originally set in the final Office action; or (2) as 
set forth in (b) above, if checked. Any reply received by the Office later than three months after the mailing date of the final rejection, even if timely filed, 
may reduce any earned patent term adjustment. See 37 CFR 1 .704(b). 
NOTICE OF APPEAL 

2. ^ The Notice of Appeal was filed on 12/01/2010 . A brief in compliance with 37 CFR 41 .37 must be filed within two months of the 

date of filing the Notice of Appeal (37 CFR 41.37(a)), or any extension thereof (37 CFR 41.37(e)), to avoid dismissal of the appeal. 
Since a Notice of Appeal has been filed, any reply must be filed within the time period set forth in 37 CFR 41 .37(a). 

AMENDMENTS 

3. □ The proposed amendment(s) filed after a final rejection, but prior to the date of filing a brief, will not be entered because 

(a) n They raise new issues that would require further consideration and/or search (see NOTE below); 

(b) \Zl They raise the issue of new matter (see NOTE below); 

(c) □ They are not deemed to place the application in better form for appeal by materially reducing or simplifying the issues for 

appeal; and/or 

(d) n They present additional claims without canceling a corresponding number of finally rejected claims. 

NOTE: . (See 37 CFR 1 .1 1 6 and 41 .33(a)). 

4. □ The amendments are not in compliance with 37 CFR 1.121. See attached Notice of Non-Compliant Amendment (PTOL-324). 

5. n Applicant's reply has overcome the following rejection(s): . 

6. □ Newly proposed or amended claim(s) would be allowable if submitted in a separate, timely filed amendment canceling the 

non-allowable claim(s). 

7. ^ For purposes of appeal, the proposed amendment(s): a) □ will not be entered, or b) M will be entered and an explanation of 

how the new or amended claims would be rejected is provided below or appended. 
The status of the claim(s) is (or will be) as follows: 

Claim(s) allowed: . 

Claim(s) objected to: . 

Claim(s) rejected: 1 -3. 25. 27-29 and 32-33 . 
Claim(s) withdrawn from consideration: 22-24 . 
AFFIDAVIT OR OTHER EVIDENCE 

8. □ The affidavit or other evidence filed after a final action, but before or on the date of filing a Notice of Appeal will not be entered 

because applicant failed to provide a showing of good and sufficient reasons why the affidavit or other evidence is necessary and 
was not earlier presented. See 37 CFR 1.1 16(e). 

9. □ The affidavit or other evidence filed after the date of filing a Notice of Appeal, but prior to the date of filing a brief, will not be 

entered because the affidavit or other evidence failed to overcome all rejections under appeal and/or appellant fails to provide a 
showing a good and sufficient reasons why it is necessary and was not earlier presented. See 37 CFR 41 .33(d)(1 ). 

1 0. □ The affidavit or other evidence is entered. An explanation of the status of the claims after entry is below or attached. 
REOUEST FOR RECONSIDERATION/OTHER 

The request for reconsideration has been considered but does NOT place the application in condition for allowance because: 
See Continuation Sheet 

12. □ Note the attached Information Disclosure Statement(s). (PTO/SB/08) Paper No(s). 

13. □ Other: . 

/Ba Huynh/ 

Primary Examiner, Art Unit 21 79 
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Continuation of 11 . does NOT place ttie application in condition for allowance because: The arguments are not persuasive in view of the 
cited art. 

As per claimi , applicants argue that nothing in Dugatkin discloses anything related to a default rule set. 

In response, The examiner disagrees and notes that Dugatkin discloses A "capture group" is a group of data units or network traffic data 
concerning the data units which may be collected according to system defined and/or user defined constraints. The constraints may 
include a "start trigger" and a "stop trigger". The triggers may specify events that cause the collectors 21 0 to begin or cease capturing 
network traffic. The start trigger may be set to be a particular kind of data unit, may be a particular network address specified as a source 
and/or destination address in a data unit, may be a data rate of the network traffic, and others. The triggers may be sequences of specified 
data units. The triggers may be a pattern or rule specifying a portion of a network address or other identifying information included in a data 
unit. The triggers may also be set based on time constraints such that network data is captured over a system or user defined period of 
time (e.g., 3 minutes, 30 minutes, 3 hours). Network traffic may also be captured until a memory or storage area is full. (para. [0036]). The 
system defined the triggers when to start and stop capturing network traffic implies that it is a default rule set since there is any user 
intervention. 



Second, nothing in Dugatkin discusses any type of capture rule, which outlines source and destination address information. 

In response. The examiner disagrees and notes that Dugatkin discloses The triggers may be a pattern or rule specifying a portion of a 
network address or other identifying information included in a data unit (para. [0036]). 

Finally, no reference discusses search scheduling to occur after an initial search is generated, or how such searching would continue on a 
periodic basis. As an aside, no reference discusses how a report would be automatically sent to a network address of an author of the initial 
search. 

In response. The examiner disagrees and notes that Yanagihara teaches after an initial search is generated it is scheduled to occur on a 
periodic basis such that a report is automatically sent to a network address of an author of the initial search (col. 9, lines 10-35).. 
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